The sysdig utility is an open source tool to trace, explore and capture system state and activity from a running Linux instance, and then save, filter and analyze it. It combines the functionality of tools like strace, tcpdump, htop, iftop and lsof. sysdig lets you dig into system metrics including CPU, memory, disk I/O, network I/O, application activity and more.
I have been working on sysdig to implement the Linux kernel signal tracing feature and am overjoyed to see that the sysdig team announced csysdig, a curses-based GUI for the cmdline functionality.
sysdig uses the Linux kernel tracing capabilities to do what it does. In addition to the kernel driver, it has userspace tools and a Lua layer atop it. The fully customizable csysdig interface will allow a very close look at the system with a familiar GUI like top.
With sysdig you can:
- Dump system activity to file, so that sysdig can be used to process it later
- View the top network connections for a single container
- See the files where apache spends the most time doing I/O
- Show all the interactive commands executed inside a given container
- Show every time a file is opened under /etc
- and much more…
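The capabilities listed above map to sysdig invocations along the following lines. This is an added example, not code from the original post; the function names, the `SYSDIG` variable and the container and file names passed in are assumptions made for illustration. It must run as root with the sysdig kernel module loaded.

```shell
#!/bin/sh
# Added example: one sysdig invocation per capability in the list above.
# SYSDIG may point at a non-default binary (hypothetical convenience variable).
SYSDIG="${SYSDIG:-sysdig}"

# Dump system activity to a capture file so it can be processed later.
capture_to_file() { "$SYSDIG" -w "$1"; }

# Replay a saved capture; any further arguments form a filter expression.
read_capture() { file="$1"; shift; "$SYSDIG" -r "$file" "$@"; }

# Top network connections for a single container.
# -pc selects the container-aware output format.
container_top_conns() { "$SYSDIG" -pc -c topconns "container.name=$1"; }

# Files where Apache (process name httpd) spends the most time doing I/O.
apache_io_time() { "$SYSDIG" -c topfiles_time proc.name=httpd; }

# Interactive commands executed inside a given container.
container_commands() { "$SYSDIG" -pc -c spy_users "container.name=$1"; }

# Every time a file is opened under /etc.
# Many programs open files through the openat syscall instead of open;
# those events have evt.type=openat and are not matched by this filter.
etc_opens() { "$SYSDIG" evt.type=open and fd.name contains /etc; }
```

Source the file and call a function, for example `capture_to_file trace.scap` followed by `read_capture trace.scap proc.name=sshd`, to record once and then filter the same trace offline.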
Features of csysdig:
- A single tool to do a lot
- Support for both live analysis and trace file analysis
- An intuitive drill-down-oriented user interface
- Rich container support, by design
- Fully customizable architecture
Make sure you have kernel headers installed. To install the latest development version of sysdig, run:
$ git clone https://github.com/draios/sysdig
$ cd sysdig
$ mkdir build
$ cd build
$ cmake ..
$ make
$ sudo make install
$ sudo make install_driver
You must have the kernel module loaded to use sysdig. Run:
$ sudo insmod sysdig-probe.ko
To check the various options that sysdig provides, run:
$ man sysdig